Password entropy and password managers

A thought that has been floating in my head. Say that you use a password manager like 1Password or LastPass, and typically you use the same character heuristics on every generated password (say 4 num, 4 symb, 30 char), does the knowledge of the length and specific complexity give any advantage to cracking a password?

Probably not. You're not reverse engineering the password. You can only narrow the possible length and character classes to be included in the rainbow table. It's still going to be a simple encrypt and match.

There are a couple different attack workflows you have to consider, and I think trust matters more than entropy.

It depends on the attacker trying to get your accounts, but there's a good chance she can use some of your passwords to improve her chances at guessing the rest... So what's more important than entropy-per-password is entropy-overall: don't trust all your sites with similar passwords.

I'd hope the password manager either uses a secure random number generator, under the hood, for each unique password, or is very careful about the entropy it preserves and takes a conscious effort to make it very hard to guess others from one leak. Don't even start me on the big single point of failure in using a system which stores the passwords for you...

Well, I personally use 1Password, so the passwords are completely random. Up to this point I had had the thought that if there were a way to determine the complexity of all passwords, they would be more subject to compromise, so I had taken the extra step of also randomizing the length and the number of characters, numbers, and symbols in each generated password.

And of course the Achilles heel in a system like that is how strong your master password is. Mine is generally complex.

The best you can say is that they're pseudorandom. Do you know this for a fact, or did the maker of the software say so?

In this case, there is no difference between random and pseudorandom (assuming the program uses a good pseudorandom generator), unless the attackers have access to the computer that generated the password at or around the time the password was generated, which is... highly unlikely, to say the least.

Quote:

A thought that has been floating in my head. Say that you use a password manager like 1Password or LastPass, and typically you use the same character heuristics on every generated password (say 4 num, 4 symb, 30 char), does the knowledge of the length and specific complexity give any advantage to cracking a password?

In theory, yes. For example, if you have 56 case sensitive letters, 10 numbers, and 33 symbols, the complexity would be 96^38 with a totally mixed password, whereas it would be only 56^30*10^4*33^4 (I think, assuming I'm doing it right) with 4 num, 4 symb, and 30 characters, assuming of course the crackers know that is exactly what the password contains. Of course, either of those examples is entirely uncrackable, plus you'd have to break several to see a pattern, and they'd have to be looking for the pattern in the first place, all of which would require the attackers to be focusing on you specifically, and anyone who is getting that kind of focus shouldn't be using a password manager in the first place.

Yeah, as baloroth said, if you choose the same parameters every time it does reduce the entropy of your password, but part of the point of using the password manager in the first place is to allow you to use passwords with enough entropy that cracking them is not feasible. It doesn't matter that you've slightly reduced the entropy, because a 38 character password (are you actually using ones that long? I'm surprised most sites accept them) including numbers and symbols is not feasible to crack even if you know that there are exactly 4 numbers and 4 symbols.

And of course as baloroth also said, this whole question is predicated on an attacker knowing exactly what your parameters are. I'm not exactly sure how anyone would find that out without already having a much more powerful attack vector (eg, software running on your machine which can read your parameters from 1password).
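Added example, not part of any post in this thread: the comparison discussed above, worked out in bits, including the number of ways the digits and symbols can be placed among the letters. The class sizes (52 letters, 10 digits, 32 symbols, taken from Python's `string` module) and all function names are assumptions of this example.

```python
import math
import string

# Class sizes are this example's assumption: printable ASCII without the space.
CLASSES = {
    "letters": len(string.ascii_letters),  # 52
    "digits": len(string.digits),          # 10
    "symbols": len(string.punctuation),    # 32
}

def bits_unconstrained(length, classes=CLASSES):
    """Every position drawn uniformly from the whole alphabet."""
    return length * math.log2(sum(classes.values()))

def bits_known_composition(counts, classes=CLASSES):
    """Attacker knows how many characters of each class, but not where they sit."""
    space = math.factorial(sum(counts.values()))
    for name, n in counts.items():
        space //= math.factorial(n)   # multinomial: ways to place the classes
        space *= classes[name] ** n   # choices within each class
    return math.log2(space)

def bits_known_positions(counts, classes=CLASSES):
    """Attacker also knows which positions hold which class."""
    return sum(n * math.log2(classes[name]) for name, n in counts.items())

def compare(counts):
    length = sum(counts.values())
    full = bits_unconstrained(length)
    comp = bits_known_composition(counts)
    return {
        "length": length,
        "unconstrained_bits": round(full, 1),
        "known_composition_bits": round(comp, 1),
        "known_positions_bits": round(bits_known_positions(counts), 1),
        "bits_given_up": round(full - comp, 1),
    }

if __name__ == "__main__":
    # The thread's policy: 30 letters, 4 digits, 4 symbols.
    print(compare({"letters": 30, "digits": 4, "symbols": 4}))
    # A short, site-limited policy for contrast (constructed values).
    print(compare({"letters": 8, "digits": 2, "symbols": 2}))
```

For the thread's 38-character policy, a known composition costs about 13 bits out of roughly 249, leaving about 236.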

Even using the most conservative of "reasonable" defaults (ie. 8 letters), you're still better off with an attacker that knows you're using an 8-letter password from 1Password (or similar) than laboring under the assumption that you're generating your passwords manually (in the "thinking them up" sense, not the "diceware" sense).

A random 8-letter string has significantly more possibilities than an 8-letter "word", and standard letter-pairs wouldn't be helpful in cracking the password.

If you can assume that your password manager is (a) providing a good random number generator and (b) storing its data in a format which is difficult to crack, it's better to use the most basic, generic, nigh-universally-acceptable defaults than to try to come up with your own.

For any given individual password attack, a cryptographically strong enough random generator (or truly random) and the length of the password mean there is a *minimum* information entropy to the generated password regardless of any other knowledge the attacker possesses.

Of course,

0. This says nothing about whether the chosen character heuristics generate enough entropy for available methods of attack now or in the lifecycle of the password (minnmass's point is particularly relevant).
1. The process used by the attacker to attack a single password almost certainly would result in the password having a higher effective entropy than the minimum, i.e. they are unlikely to know how any given password or set of passwords was generated.
2. This says nothing about other vectors of attack such as gaining access to a password manager's database.
3. This says nothing about other risks, such as losing access to passwords.

I personally use offline password managers like KeePass to mitigate the risk of 2 and 3.

He's basically the Infosec community's inside joke on the rest of the world, please don't recommend him to people who won't understand the obvious sarcasm.

squeeze wrote:

Short answer: no.

For any given individual password attack, a cryptographically strong enough random generator (or truly random) and the length of the password mean there is a *minimum* information entropy to the generated password regardless of any other knowledge the attacker possesses.

Of course,

0. This says nothing about whether the chosen character heuristics generate enough entropy for available methods of attack now or in the lifecycle of the password (minnmass's point is particularly relevant).
1. The process used by the attacker to attack a single password almost certainly would result in the password having a higher effective entropy than the minimum, i.e. they are unlikely to know how any given password or set of passwords was generated.
2. This says nothing about other vectors of attack such as gaining access to a password manager's database.
3. This says nothing about other risks, such as losing access to passwords.

I personally use offline password managers like KeePass to mitigate the risk of 2 and 3.

++ to KeePass. Personally I would never trust my key db to a 3rd party that hasn't completely open-sourced both their client and backend code. 'Proprietary' is just another way of saying 'we don't want you to see how badly we've fucked up'.

I've been using KeePass for a little while now. It's great not knowing most of my passwords now (I kept a few accounts memorized, but complicated them, I was following worst practices for a very long while). I like that everything is open source and my database isn't relying on a third party with a copy of my key or my database. I am a little disappointed in how many sites have limits on passwords (no specials, under 15 characters), but I'm assuming whatever KeePass generates is stronger than anything I come up with (unless the site operator keeps it in plaintext on their server), but I'm not reusing anything any more.

Does anyone know if the iOS apps like minikeepass are trustworthy (or any good)? I'm assuming if they still update the app, and it's mentioned on the official site it has some legitimacy. I'm assuming paranoid folks on the internet have looked at the KeePass source code and sniffed its packets. But an app store program seems to be a different beast. Mostly I'd like to forget my AppleID password (it has no CC info at least), but I'm not sure who if anyone vets apps for the paranoid (assuming the paranoid can use a smartphone).

You can always examine the (alleged) source code for MiniKeePass yourself. Unfortunately I know of no way to verify that the version you download from the app store was compiled from that source code. IMO, this is one of the major flaws of current app stores (all of them, really). It's not like it would be all that hard to include a signature verification mechanism for "open source" apps.